**Last updated**: 07 April 2026 | [**Change log**](/access/products/payments/changelog/)
# SCA Exemptions
Enterprise
Request an SCA Exemption from us to reduce 3DS checkout friction and remain SCA compliant. You can be granted:
- Type: `lowRisk` or `lowValue` in placement `authorization` to skip 3DS authentication but with the risk of the issuer rejecting the exemption and returning a soft decline so 3DS authentication is required anyway. 3DS is initiated automatically by the Payments API if the exemption is soft declined.
- Type `lowRisk` in placement `authentication` to reduce the chance of a 3DS challenge and improve authentication rates.
For more general information on Strong Customer Authentication (SCA) see our [SCA compliance](/access/products/3ds-sca-exemptions/) page.
## How to enable
The request must contain:
- `instruction.threeDS` object as described in [3DS Authentication](/access/products/payments/enable-features/3ds-authentication#how-to-enable) - **You must include this for SCA Exemptions**
- `instruction.exemption.type` = `integrated` - used to indicate the exemption is requested from Worlpay's TRA solution
- `instruction.exemption.mode` = `always` - used to indicate the exemption is always requested. The ability to restrict to [SCA](/access/products/3ds-sca-exemptions#a-condensed-guide-to-sca-strong-customer-authentication) applicable cards will be added soon.
- `instruction.exemption.capability` = `authorizationAndAuthentication` - defines which exemption placement types can be returned. See our [request schema](#request-schema) for allowed values.
Optionally:
* When using `instruction.exemption.capability` as `authorizationAndAuthentication` you can specify a preference for the exemption on a per request basis using `instruction.exemption.request` for both the `type` and/or `placement`. See our [request schema](#request-schema) for details.
If SCA exemptions are not applicable (e.g. first in a recurring series (CIT), 3DS not enabled, Apple Pay, Google Pay) we will return a validation error message.
## Sequence diagram
Exemption in Authorization
Exemption granted with a placement of `authorization` and is honored by the issuer (payment authorized)
```mermaid
sequenceDiagram
participant Browser
participant Merchant_Frontend as Merchant Frontend
participant Merchant_Backend as Merchant Backend
participant Payments_API as Payments API
participant Issuer
Browser->>Merchant_Frontend: Click Pay
Merchant_Frontend->>Merchant_Backend: Pay
Merchant_Backend->>Payments_API: Payment request
Payments_API->>Payments_API: Exemption assessment
Note over Payments_API: Exemption granted
Placement: authorization
Type: lowRisk or lowValue
Payments_API->>Issuer: Authorization request
Note over Issuer: Exemption honored
payment authorized
Issuer->>Payments_API: Authorization Response
Payments_API->>Merchant_Backend: Payment response
Merchant_Backend->>Payments_API: Settlement request
Payments_API->>Merchant_Backend: Settlement response
Merchant_Backend->>Merchant_Frontend: Transaction complete
Note left of Merchant_Frontend: Order receipt page
```
Exemption in Authorization - Soft Decline Loop
Exemption granted with a placement of `authorization`, but the issuer does not honor the exemption and returns a refused outcome (soft decline - code: 65).
Payments API automatically starts the steps for 3DS authentication and upon completion results in a successful 2nd attempt to authorize the payment.
```mermaid
sequenceDiagram
participant Browser
participant Merchant_Frontend as Merchant Frontend
participant Merchant_Backend as Merchant Backend
participant Payments_API as Payments API
participant Issuer
Browser->>Merchant_Frontend: Click Pay
Merchant_Frontend->>Merchant_Backend: Pay
Merchant_Backend->>Payments_API: Payment request
Payments_API->>Payments_API: Exemption Assessment
Note over Payments_API: Exemption granted
Placement: authorization
Type: lowRisk or lowValue
Payments_API->>Issuer: Authorization Request
Note over Issuer: Exemption not honored
payment refused (code: 65)
Issuer->>Payments_API: Authorization Response
Note over Payments_API: Start 3DS authentication (automatic)
Payments_API->>Merchant_Backend: Payment response
Merchant_Backend->>Merchant_Frontend: DeviceData - BIN/JWT/URL
Merchant_Frontend->>Browser: 3DS Device Data form
Browser-->>Issuer: Form post
Issuer-->>Browser: PostMessage: dfReferenceId
Merchant_Backend->>Payments_API: 3dsDeviceData request
Payments_API->>Merchant_Backend: 3dsDeviceData response
Merchant_Backend->>Merchant_Frontend: Challenge JWT/URL
Merchant_Frontend->>Browser: 3DS challenge form
Browser-->>Issuer: Form post
Issuer-->>Browser: Return to merchant site
Merchant_Backend->>Payments_API: 3dsChallenges request
Note over Payments_API: 3DS authenticated (successful)
Payments_API->>Issuer: Authorization Request
Note over Issuer: payment authorized
Issuer->>Payments_API: Authorization Response
Payments_API->>Merchant_Backend: 3dsChallenges response
Merchant_Backend->>Payments_API: Settlements request
Payments_API->>Merchant_Backend: Settlements response
Merchant_Backend->>Merchant_Frontend: Transaction complete
Note left of Merchant_Frontend: Order receipt page
```
Exemption in Authentication (3DS)
Exemption is granted with a placement of `authentication`, 3DS authentication is started and the challenge preference is auto set to `noChallengeRequestedTRAPerformed`.
The issuer honors the challenge preference and no challenge is given in 3DS. The successful 3DS authentication details are used in the payment request resulting in an authorized payment.
```mermaid
sequenceDiagram
participant Browser
participant Merchant_Frontend as Merchant Frontend
participant Merchant_Backend as Merchant Backend
participant Payments_API as Payments API
participant Issuer
Browser->>Merchant_Frontend: Click Pay
Merchant_Frontend->>Merchant_Backend: Pay
Merchant_Backend->>Payments_API: Payment request
Payments_API->>Payments_API: Exemption Assessment
Note over Payments_API: Exemption granted
Placement: authentication
Type: lowRisk
Payments_API->>Merchant_Backend: Payment response
Merchant_Backend->>Merchant_Frontend: DeviceData - BIN/JWT/URL
Merchant_Frontend->>Browser: 3DS Device Data form
Browser-->>Issuer: Form post
Issuer-->>Browser: PostMessage: dfReferenceId
Merchant_Backend->>Payments_API: 3dsDeviceData request
Payments_API->>Issuer: Authorization Request
Note over Issuer: Exemption honored
payment authorized
Issuer->>Payments_API: Authorization Response
Payments_API->>Merchant_Backend: 3dsDeviceData response
Merchant_Backend->>Payments_API: Settlements request
Payments_API->>Merchant_Backend: Settlements response
Merchant_Backend->>Merchant_Frontend: Transaction complete
Note left of Merchant_Frontend: Order receipt page
```
No Exemption Granted
No exemption is granted so 3DS authentication is automatically performed.
```mermaid
sequenceDiagram
participant Browser
participant Merchant_Frontend as Merchant Frontend
participant Merchant_Backend as Merchant Backend
participant Payments_API as Payments API
participant Issuer
Browser->>Merchant_Frontend: Click Pay
Merchant_Frontend->>Merchant_Backend: Pay
Merchant_Backend->>Payments_API: Payment request
Payments_API->>Payments_API: Exemption Assessment
Note over Payments_API: Exemption not granted
Payments_API->>Merchant_Backend: Payment response
Merchant_Backend->>Merchant_Frontend: DeviceData - BIN/JWT/URL
Merchant_Frontend->>Browser: 3DS Device Data form
Browser-->>Issuer: Form post
Issuer-->>Browser: PostMessage: dfReferenceId
Merchant_Backend->>Payments_API: 3dsDeviceData request
Payments_API->>Merchant_Backend: 3dsDeviceData response
Merchant_Backend->>Merchant_Frontend: Challenge JWT/URL
Merchant_Frontend->>Browser: 3DS challenge form
Browser-->>Issuer: Form post
Issuer-->>Browser: Return to merchant site
Merchant_Backend->>Payments_API: 3dsChallenges request
Note over Payments_API: 3DS authenticated (successful)
Payments_API->>Issuer: Authorization Request
Note over Issuer: payment authorized
Issuer->>Payments_API: Authorization Response
Payments_API->>Merchant_Backend: 3dsChallenges response
Merchant_Backend->>Payments_API: Settlements request
Payments_API->>Merchant_Backend: Settlements response
Merchant_Backend->>Merchant_Frontend: Transaction complete
Note left of Merchant_Frontend: Order receipt page
```
## Example Request
```json
{
"transactionReference": "Memory265-13/08/1876",
"merchant": {
"entity": "default"
},
"instruction": {
"method": "card",
"paymentInstrument": {
"type": "plain",
"cardHolderName": "Sherlock Holmes",
"cardNumber": "4000000000001091",
"expiryDate": {
"month": 5,
"year": 2035
}
},
"exemption": { // [!code focus:5] // [!code highlight:5]
"type": "integrated",
"mode": "always",
"capability": "authorizationAndAuthentication"
},
"threeDS": {
"type": "integrated",
"mode": "always",
"deviceData": {
"acceptHeader": "text/html",
"userAgentHeader": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0)",
"browserLanguage": "en-GB",
"browserScreenWidth": 900,
"browserScreenHeight": 1200,
"browserJavaEnabled": true,
"browserColorDepth": "32",
"timeZone": "300",
"browserJavascriptEnabled": true,
"channel": "browser"
},
"challenge": {
"returnUrl": "http://payment.example.com"
}
},
"customer": {
"email": "john.appleseed@example.com",
"phone": "00000000000",
"ipAddress": "192.168.0.1"
},
"narrative": {
"line1": "trading name"
},
"value": {
"currency": "GBP",
"amount": 42
}
}
}
```
### Request schema
br
## Example response
In the payment response you will be provided a summary of what happened when requesting and applying the exemption.
To see a full list of outcomes view the [testing (SCA exemptions tab)](/access/products/payments/testing) section.
```json
{
"outcome": "authorized",
"transactionReference": "Memory265-13/08/1876",
"schemeReference": "060720116005060",
"issuer": {
"authorizationCode": "675725"
},
"riskFactors": [
{
"risk": "notChecked",
"type": "cvc"
},
{
"risk": "notChecked",
"detail": "address",
"type": "avs"
},
{
"risk": "notChecked",
"detail": "postcode",
"type": "avs"
}
],
"exemption": { // [!code focus:6] // [!code highlight:6]
"granted": true,
"placement": "authorization",
"type": "lowRisk",
"result": "honored",
"reason": "issuerHonored"
},
"paymentInstrument": {
"type": "card/plain+masked",
"cardBin": "400000",
"lastFour": "1000",
"countryCode": "GB",
"expiryDate": {
"year": 2035,
"month": 5
},
"cardBrand": "mastercard",
"fundingType": "debit",
"category": "consumer",
"issuerName": "BANK LIMITED",
"paymentAccountReference": "3001DBT34Q41D6J7PFC5W0UA4OT4C"
},
"_links": {
"self": {
"href": "https://try.access.worldpay-bsh.securedataplatform.com/api/payments/eyJrIjoiazNhY...."
}
},
"_actions": {
"cancelPayment": {
"href": "https://try.access.worldpay-bsh.securedataplatform.com/api/payments/eyJrIjoiazNhYjYz..../cancellations",
"method": "POST"
},
"settlePayment": {
"href": "https://try.access.worldpay-bsh.securedataplatform.com/api/payments/eyJrIjoiazNhYj..../settlements",
"method": "POST"
},
"partiallySettlePayment": {
"href": "https://try.access.worldpay-bsh.securedataplatform.com/api/payments/eyJrIjoiaz..../partialSettlements",
"method": "POST"
}
}
}
```
### Response schema
**Next steps**
- [Testing (SCA Exemptions tab)](/access/products/payments/testing) for scenario details and magic test values